Endpoint Protection

  • 1.  VPN gateway server with dual nics - firewall troubles

    Posted Feb 03, 2015 09:46 AM

    I admit that it's likely something simple I have done incorrectly so the solution could be I need to change something, or perhaps SEP's firewall just won't work with the scenario I have going.

    Here's the background and setup - I have a Windows 2008R2 server set up and running a VPN Gateway solution. The server has 1 "physical NIC", I say physical as who runs a real physical hardware server these days - it's a VMWare server but for all practical purposes, it's a standard network interface in the server. It worked great for quite a while, then I repurposed it. SEP was working fine, the AV, firewall, IPS and everything was fine. No issues.

    I install a VPN gateway on the server. This gateway includes a virtual network interface.
    The VMWare "physical" network is on our main server LAN.
    The VPN gateway network interface, the virtual interface that product includes and installs is what the VPN clients get assigned to when they connect.
    The VPN clients are assigned an IP when they connect and that IP matches the LAN of the VPN gateway's virtual network interface. The product routes between the virtual network interface the VPN clients are on and the main server network. It allows ONLY secure traffic that's come down the tunnel.

    SEP is blocking VPN clients from getting to the SEPM servers! They can get to the domain as a whole, they can get to the DCs, they can get to DNS as name resolution works flawlessly. They can get to shares on the file server, open, save, delete documents and files. They can access our in-house browser-based web app. The only thing that's not working well is of all things SEP! The VPN clients are being BLOCKED by the SEP firewall on the VPN Gateway server!

    Why is that SEP firewall running on that server blocking the 8014 ports between clients and SEPM servers and yet allowing everything else I have configured for the firewall to allow? The logs very very plainly show BLOCK and the rule is "block all other traffic and log". Even if I place an allow rule for 8014 in the middle of the firewall, the bottom rule, block all other traffic and log, catches and stops the traffic.

    I'm totally confused, baffled and at my wits' end, such as that is, as all other rules are working. I can connect, log in, get DNS from our own internal servers that sit right next to the two SEPM servers, I can ping! ICMP makes it fine, but the firewall on the VPN gateway itself is blocking traffic between the client and the SEPM servers. Local SEP logs are filled with blocked 8014 (I think that's correct, bad issues with short-term memory, sorry!).

    I uninstalled SEP from the VPN gateway and before the uninstall was done, VPN clients instantly connected to the SEPM servers! It was that fast - the SEP uninstall from the VPN gateway was only half-way done and suddenly VPN clients connected to the SEPMs and traffic started flowing properly.
    The ONLY block indications are on the VPN gateway itself. The SEPM servers log nothing blocked, the VPN clients' logs are clean except for what the firewalls on the clients SHOULD be blocking, traffic from other outside sources.

    Help - please............... ideas?
    This is literally the last thing I need to fix before this goes into production. I found this problem when trying to find out why everything worked so bloody perfectly and flawlessly except for it taking 2 or 3 minutes for the Intranet site to come up. WEIRD that things FLY but the single Intranet pages crawl. The SQL based web app flies open, too.



  • 2.  RE: VPN gateway server with dual nics - firewall troubles

    Posted Feb 03, 2015 09:55 AM

    I've seen this specifically with 12.1.5 as well. When clients go offline, meaning switch their location since they go off our internal network, when they try to come back, they can't connect to the SEPM unless I disable the firewall. My understanding was that there was no way to block 8014 with SEP, it's hard-coded to allow 8014 traffic even if you create a SEP fw rule to try and block it.

    Not sure what changed but I've seen this as well...worked fine prior to 12.1.5.



  • 3.  RE: VPN gateway server with dual nics - firewall troubles

    Posted Feb 03, 2015 10:11 AM

    The odd thing is that it's not the client blocking it. It's the SEP firewall that was on the VPN gateway server - the server with 2 network interfaces.

    I set up a rule to ALLOW all 8014 traffic both directions to and from anything.
    It was a rule I'd not have left in place because it said any source, any destination, any direction, allow 8014 on all interfaces. And it blocked it anyway in the final rule, which is a default out of the box from Symantec, block all other traffic and log.
    A rule ABOVE that in the SEP firewall on the VPN gateway server that says "allow all 8014 from anything to anything in any direction" should have allowed any 8014 traffic to or from any computer inside or outside, any interface, private network or public network, and instead it blocked it all.

    The client firewall log was clean, not a single instance of 8014 being blocked. The SEPM server firewall logs were clean, not a single instance of 8014 being blocked at all.

    The VPN gateway SEP firewall log was filled with thousands of block 8014 events.
    Why block it there? Why on that server acting as a VPN gateway?

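One check worth running on the gateway itself before touching the rule set again: open TCP 8014 to each SEPM with the local end of the socket bound first to the LAN vNIC's address and then to the VPN product's virtual interface address. If the connect succeeds from one adapter and times out from the other, the block is tied to the interface the traffic leaves on rather than to the port, which narrows the rule to look at. This is an added example, not code from the original thread or from Symantec; the SEPM hostnames and the two local addresses are placeholders and must be replaced with your own. It runs on the built-in PowerShell of Windows 2008R2, which is why it uses System.Net.Sockets.TcpClient rather than Test-NetConnection (not available on that OS).

```powershell
# Added example (not from the thread). Probe TCP 8014 on each SEPM server from each
# local interface on the VPN gateway, so a block can be attributed to an adapter.
# Hostnames and addresses below are placeholders; substitute your environment's values.
$sepmServers = @('sepm1.example.local', 'sepm2.example.local')   # assumption: your two SEPMs
$localAddresses = @(
    @{ Name = 'LAN vNIC (VMware)';       IP = '10.0.0.50' },    # assumption: server LAN address
    @{ Name = 'VPN virtual interface';   IP = '172.16.99.1' }   # assumption: VPN gateway's tunnel-side address
)
$port      = 8014    # SEP client-to-SEPM communication port discussed in the thread
$timeoutMs = 3000

function Test-Port8014 {
    param([string]$LocalIp, [string]$Server, [int]$Port, [int]$TimeoutMs)
    # Bind the local end to the chosen interface address (port 0 = any ephemeral port)
    $localEp = New-Object System.Net.IPEndPoint -ArgumentList @([System.Net.IPAddress]::Parse($LocalIp), 0)
    $client  = New-Object System.Net.Sockets.TcpClient -ArgumentList $localEp
    try {
        $ar = $client.BeginConnect($Server, $Port, $null, $null)
        # A firewall drop shows up as no SYN/ACK at all, i.e. a timeout, not a refusal
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'TIMEOUT (no response - consistent with a silent firewall block)'
        }
        $client.EndConnect($ar)
        return 'CONNECTED'
    } catch {
        # RST or resolution failure: the packet got through but nothing answered on 8014
        return "FAILED: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

foreach ($la in $localAddresses) {
    foreach ($s in $sepmServers) {
        $result = Test-Port8014 -LocalIp $la.IP -Server $s -Port $port -TimeoutMs $timeoutMs
        '{0,-24} -> {1}:{2}  {3}' -f $la.Name, $s, $port, $result
    }
}
```

Run it in an elevated PowerShell prompt on the gateway and compare each line with the block entries in the SEP firewall traffic log on that machine. One caveat: these connections originate on the gateway, whereas the packets being logged are VPN-client packets the gateway forwards, so a CONNECTED result from the virtual interface does not clear the forwarding path on its own. A TIMEOUT from only that interface, however, does point at the adapter scope of whichever rule is matching before the allow rule.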


  • 4.  RE: VPN gateway server with dual nics - firewall troubles

    Posted Feb 03, 2015 10:14 AM

    I'm confused as to why 8014 is even blocked in the first place..never was in past versions.